[PATCH v4 24/34] loadpin: move initcalls to the LSM framework
Mimi Zohar
zohar at linux.ibm.com
Thu Sep 18 11:15:50 UTC 2025
On Tue, 2025-09-16 at 18:03 -0400, Paul Moore wrote:
> Acked-by: Kees Cook <kees at kernel.org>
> Reviewed-by: John Johansen <john.johhansen at canonical.com>
> Signed-off-by: Paul Moore <paul at paul-moore.com>

For the first couple of iterations, the patch descriptions needed to be added or
improved upon. Some of the patch descriptions are still missing (e.g. 25, 27,
etc). Is this intentional because you feel it is redundant or simply an
oversight because checkpatch.pl is not flagging it? Checkpatch normally flags
missing patch descriptions, but isn't flagging it now because of the additional
tags.

FYI, teaching newbies how to break up a patch set is not easy. This patch set
is nicely broken up and would be a good example. However, leaving out the patch
description would be teaching the wrong thing.

Mimi

> ---
> security/loadpin/loadpin.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
> index b9ddf05c5c16..273ffbd6defe 100644
> --- a/security/loadpin/loadpin.c
> +++ b/security/loadpin/loadpin.c
> @@ -270,11 +270,6 @@ static int __init loadpin_init(void)
> return 0;
> }
>
> -DEFINE_LSM(loadpin) = {
> - .id = &loadpin_lsmid,
> - .init = loadpin_init,
> -};
> -
> #ifdef CONFIG_SECURITY_LOADPIN_VERITY
>
> enum loadpin_securityfs_interface_index {
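
Review bot: The removal of DEFINE_LSM(loadpin) from its place right after loadpin_init() is a pure relocation, but nothing in the patch explains why it moves. The definition has to sit below the static init_loadpin_securityfs() in order to reference it. Either say so in the commit description, or leave the definition here and add a forward declaration of init_loadpin_securityfs() under the same CONFIG_SECURITY_LOADPIN_VERITY guard, which would keep the diff to the one added member.
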
> @@ -434,10 +429,16 @@ static int __init init_loadpin_securityfs(void)
> return 0;
> }
>
> -fs_initcall(init_loadpin_securityfs);
> -
> #endif /* CONFIG_SECURITY_LOADPIN_VERITY */
>
> +DEFINE_LSM(loadpin) = {
> + .id = &loadpin_lsmid,
> + .init = loadpin_init,
> +#ifdef CONFIG_SECURITY_LOADPIN_VERITY
> + .initcall_fs = init_loadpin_securityfs,
> +#endif /* CONFIG_SECURITY_LOADPIN_VERITY */
> +};
> +
> /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */
> module_param(enforce, int, 0);
> MODULE_PARM_DESC(enforce, "Enforce module/firmware pinning");
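
Review bot: Dropping `fs_initcall(init_loadpin_securityfs);` in favour of `.initcall_fs = init_loadpin_securityfs,` inside DEFINE_LSM(loadpin) changes who calls the securityfs setup, and the patch has no description stating whether the timing and conditions are preserved. The old fs_initcall ran whenever CONFIG_SECURITY_LOADPIN_VERITY was built in; the description should state whether the callback still runs at the fs_initcall level and whether it is now skipped when the loadpin LSM is not enabled at boot, since that would be a behaviour change for the securityfs interface. A one-paragraph changelog covering this would also address the missing-description comment raised in this thread.
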